Devise + Omniauth call action passthru on login Facebook

Question

When I try to login with Facebook using Omniauth and Devise, passthru is called instead of facebook. How do I pass in the link_to:

user_omniauth_authorize_path(:facebook)

I've revised the code many times and tried to use this route:

  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } do
    get '/users/auth/:provider' => 'users/omniauth_callbacks#passthru'
  end

and

  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } 

But the error is same. I have the action facebook in my users/omniauth_callbacks_controller.rb

Answer 1

I just flailed with the exact same problem for hours, trying everything including doing the exact same process on a different branch with github oauth, which worked without a problem. What finally worked for me was changing the hash of arguments I was passing to config.omniauth in devise.rb after the app token and secret. It was name: 'google' that was doing it. Commented it out and it works:

config.omniauth :google_oauth2, 'ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"],
   {
    # name: 'google',
    scope: 'calendar, plus.login plus.me'
  }

Whether the id and secret are hard coded in has no effect. I didn't try it, but :name seems like it is used as an alias for the provider to use elsewhere in the code in place of :google_oauth2. Uncommenting it and changing it (redundantly) to name: google_oauth2 works. I'm sure you've either solved it or moved on after a year but I hope this helps someone in the future.

onmiauth-google-oauth2 0.2.5

devise 3.4.0

rails 4.1.6

Answer 2

In my case, we added the gem omniauth-rails_csrf_protection but we were still trying to access the authorize endpoints using GET methods. Replacing those GET calls by POST requests (with the CSRF token) solved it.